From 9dc4bb94f29975ff746e39c60f0631e5abedb468 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 2 Oct 2023 18:06:27 -0400
Subject: [PATCH] updates
---
 .openpublishing.redirection.windows-security.json | 5 +++++
 .../bitlocker/bitlocker-device-encryption.md | 2 +-
 .../bitlocker-how-to-deploy-on-windows-server.md | 2 +-
 .../bitlocker-management-for-enterprises.md | 4 ++--
 ...r-drive-encryption-tools-to-manage-bitlocker.md | 2 +-
 ...{bitlocker-basic-deployment.md => configure.md} | 2 +-
 .../data-protection/bitlocker/faq.yml | 2 +-
 .../includes/allow-network-unlock-at-startup.md | 2 +-
 ...-bitlocker-planning-and-policies.md => plan.md} | 10 +++++-----
 .../data-protection/bitlocker/toc.yml | 14 +++++++-------
 10 files changed, 25 insertions(+), 20 deletions(-)
 rename windows/security/operating-system-security/data-protection/bitlocker/{bitlocker-basic-deployment.md => configure.md} (99%)
 rename windows/security/operating-system-security/data-protection/bitlocker/{prepare-your-organization-for-bitlocker-planning-and-policies.md => plan.md} (96%)
diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json
index e1e02c8d2f..15d2edb55e 100644
--- a/.openpublishing.redirection.windows-security.json
+++ b/.openpublishing.redirection.windows-security.json
@@ -7434,6 +7434,11 @@
 "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md",
 "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/recovery",
 "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/network-unlock",
+ "redirect_document_id": false
 }
 ]
 }
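Review bot: The new redirect entry covers only `bitlocker-how-to-enable-network-unlock.md`, but the diffstat shows this commit also renaming `bitlocker-basic-deployment.md` to `configure.md` and `prepare-your-organization-for-bitlocker-planning-and-policies.md` to `plan.md`, and no `source_path` entries for those two appear in this hunk. Unless they already exist elsewhere in this file (only its tail is visible here), the published URLs of the BitLocker planning and configuration guides will stop resolving, so add two entries of the same shape, e.g. `"source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-basic-deployment.md", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure"`. Related: unchanged context lines in the `bitlocker-how-to-deploy-on-windows-server.md`, `bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md` and `configure.md` hunks still link to `prepare-your-organization-for-bitlocker-planning-and-policies.md`; those should point to `plan.md`.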
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption.md
index 6ad2f1a108..47e815ee11 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption.md
@@ -94,7 +94,7 @@ Network Unlock requires the following infrastructure:
 - A server with the DHCP server role installed
-For more information about how to configure Network unlock feature, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md).
+For more information about how to configure Network unlock feature, see [BitLocker: How to enable Network Unlock](network-unlock.md).
 ## Microsoft BitLocker administration and monitoring
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
index 1c64084bcd..0f6c4d617f 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
@@ -99,4 +99,4 @@ Enable-WindowsOptionalFeature -Online -FeatureName BitLocker, BitLocker-Utilitie
 - [BitLocker overview](index.md)
 - [BitLocker frequently asked questions (FAQ)](faq.yml)
 - [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
-- [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
+- [BitLocker: How to enable Network Unlock](network-unlock.md)
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md
index cf8015982b..001a92385f 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md
@@ -42,7 +42,7 @@ The Minimal Server Interface is a prerequisite for some of the BitLocker adminis
 If a server is being installed manually, such as a stand-alone server, then choosing [Server with Desktop Experience](/windows-server/get-started/getting-started-with-server-with-desktop-experience/) is the easiest path because it avoids performing the steps to add a GUI to Server Core.
- Additionally, lights-out data centers can take advantage of the enhanced security of a second factor while avoiding the need for user intervention during reboots by optionally using a combination of BitLocker (TPM+PIN) and BitLocker Network Unlock. BitLocker Network Unlock brings together the best of hardware protection, location dependence, and automatic unlock, while in the trusted location. For the configuration steps, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md).
+ Additionally, lights-out data centers can take advantage of the enhanced security of a second factor while avoiding the need for user intervention during reboots by optionally using a combination of BitLocker (TPM+PIN) and BitLocker Network Unlock. BitLocker Network Unlock brings together the best of hardware protection, location dependence, and automatic unlock, while in the trusted location. For the configuration steps, see [BitLocker: How to enable Network Unlock](network-unlock.md).
 For more information, see the BitLocker FAQs article and other useful links in [Related Articles](#related-articles).
 ## PowerShell examples
@@ -105,7 +105,7 @@ Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -Pi
 - [How to update local source media to add roles and features](/archive/blogs/joscon/how-to-update-local-source-media-to-add-roles-and-features)
 - [How to add or remove optional components on Server Core](/archive/blogs/server_core/using-features-on-demand-with-updated-systems-and-patched-images) *(Features on Demand)*
 - [How to deploy BitLocker on Windows Server](bitlocker-how-to-deploy-on-windows-server.md)
-- [How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
+- [How to enable Network Unlock](network-unlock.md)
 - [Shielded VMs and Guarded Fabric](https://blogs.technet.microsoft.com/windowsserver/2016/05/10/a-closer-look-at-shielded-vms-in-windows-server-2016/)
 ### PowerShell
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
index cde89fc313..8073f52262 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
@@ -224,5 +224,5 @@ Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup S-1-5-
 - [BitLocker overview](index.md)
 - [BitLocker frequently asked questions (FAQ)](faq.yml)
 - [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
-- [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
+- [BitLocker: How to enable Network Unlock](network-unlock.md)
 - [BitLocker: How to deploy on Windows Server 2012](bitlocker-how-to-deploy-on-windows-server.md)
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/operating-system-security/data-protection/bitlocker/configure.md
similarity index 99%
rename from windows/security/operating-system-security/data-protection/bitlocker/bitlocker-basic-deployment.md
rename to windows/security/operating-system-security/data-protection/bitlocker/configure.md
index 252147dd1d..cd33ef59b4 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-basic-deployment.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/configure.md
@@ -451,5 +451,5 @@ Disable-BitLocker -MountPoint E:,F:,G:
 - [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
 - [BitLocker recovery guide](bitlocker-recovery-guide-plan.md)
-- [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
+- [BitLocker: How to enable Network Unlock](network-unlock.md)
 - [BitLocker overview](index.md)
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/faq.yml b/windows/security/operating-system-security/data-protection/bitlocker/faq.yml
index 9d6e947e05..c0eed9c67a 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/faq.yml
+++ b/windows/security/operating-system-security/data-protection/bitlocker/faq.yml
@@ -388,7 +388,7 @@ sections:
 Network Unlock uses two protectors - the TPM protector and the protector provided by the network or by the PIN. Automatic unlock uses a single protector - the one stored in the TPM. If the computer is joined to a network without the key protector, it will prompt to enter a PIN. If the PIN isn't available, the recovery key will need to be used to unlock the computer if it can't be connected to the network.
- For more info, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md).
+ For more info, see [BitLocker: How to enable Network Unlock](network-unlock.md).
 - name: Use BitLocker with other programs
 questions:
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-network-unlock-at-startup.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-network-unlock-at-startup.md
index fffb6d2a20..436b2dd8a3 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-network-unlock-at-startup.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-network-unlock-at-startup.md
@@ -18,7 +18,7 @@ If you disable or don't configure this policy setting, BitLocker clients won't b
 > [!NOTE]
 > For reliability and security, computers should also have a TPM startup PIN that can be used when the computer is disconnected from the wired network or the server at startup.
-For more information about Network Unlock feature, see [BitLocker: How to enable Network Unlock](../bitlocker-how-to-enable-network-unlock.md)
+For more information about Network Unlock feature, see [BitLocker: How to enable Network Unlock](../network-unlock.md)
 | | Path |
 |--|--|
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/operating-system-security/data-protection/bitlocker/plan.md
similarity index 96%
rename from windows/security/operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
rename to windows/security/operating-system-security/data-protection/bitlocker/plan.md
index 5b3837ef6b..17c348dd2f 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/plan.md
@@ -1,11 +1,11 @@
 ---
-title: Prepare the organization for BitLocker Planning and policies
-description: This article for the IT professional explains how can to plan for a BitLocker deployment.
+title: Plan for a BitLocker deployment
+description: Learn how to plan for a BitLocker deployment in your organization.
 ms.topic: conceptual
 ms.date: 11/08/2022
 ---
-# Prepare an organization for BitLocker: Planning and policies
+# Plan for a BitLocker deployment
 This article for the IT professional explains how to plan BitLocker deployment.
@@ -132,7 +132,7 @@ Administrators can enable BitLocker before to operating system deployment from t
 ## Used Disk Space Only encryption
-The BitLocker Setup wizard provides administrators the ability to choose the Used Disk Space Only or Full encryption method when enabling BitLocker for a volume. Administrators can use the new BitLocker group policy setting to enforce either Used Disk Space Only or Full disk encryption.
+The BitLocker Setup wizard provides administrators the ability to choose the Used Disk Space Only or Full encryption method when enabling BitLocker for a volume. Administrators can use the BitLocker policy setting to enforce either Used Disk Space Only or Full disk encryption.
 Launching the BitLocker Setup wizard prompts for the authentication method to be used (password and smart card are available for data volumes). Once the method is chosen and the recovery key is saved, the wizard asks to choose the drive encryption type. Select Used Disk Space Only or Full drive encryption.
@@ -142,7 +142,7 @@ With Full drive encryption, the entire drive is encrypted, whether data is store
 ## Active Directory Domain Services considerations
-BitLocker integrates with Microsoft Entra ID and Active Directory Domain Services (AD DS) to provide centralized key management. By default, no recovery information is backed up to Active Directory. Administrators can configure the following group policy setting for each drive type to enable backup of BitLocker recovery information:
 **Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** > ***drive type*** > **Choose how BitLocker-protected drives can be recovered**.
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/toc.yml b/windows/security/operating-system-security/data-protection/bitlocker/toc.yml
index c58c7125ab..cb5af928c0 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/toc.yml
+++ b/windows/security/operating-system-security/data-protection/bitlocker/toc.yml
@@ -5,10 +5,10 @@ items:
 href: countermeasures.md
 - name: Deployment guides
 items:
- - name: Planning for BitLocker
- href: prepare-your-organization-for-bitlocker-planning-and-policies.md
- - name: BitLocker basic deployment
- href: bitlocker-basic-deployment.md
+ - name: Plan for a BitLocker deployment
+ href: plan.md
+ - name: Configure BitLocker
+ href: configure.md
 - name: BitLocker deployment comparison
 href: bitlocker-deployment-comparison.md
 - name: BitLocker device encryption
@@ -21,14 +21,14 @@ items:
 href: bitlocker-how-to-deploy-on-windows-server.md
 - name: Manage BitLocker with Drive Encryption Tools
 href: bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
- - name: Use BitLocker Recovery Password Viewer
- href: bitlocker-use-bitlocker-recovery-password-viewer.md
 - name: BitLocker Recovery Guide
 href: bitlocker-recovery-guide-plan.md
 - name: Protect cluster shared volumes and storage area networks with BitLocker
 href: protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
 - name: Network Unlock
- href: bitlocker-how-to-enable-network-unlock.md
+ href: network-unlock.md
+ - name: BitLocker Recovery Password Viewer
+ href: bitlocker-use-bitlocker-recovery-password-viewer.md
 - name: Reference
 items:
 - name: BitLocker policy settings